this repo has no description
Move some constants from CryptoTokenKit into libaks and add some more definitions in libaks
+52
-34
-1
src/frameworks/CryptoTokenKit/CMakeLists.txt
-1
src/frameworks/CryptoTokenKit/CMakeLists.txt
+4
-5
src/frameworks/CryptoTokenKit/include/ACMAclDefs.h
+4
-5
src/frameworks/CryptoTokenKit/include/ACMAclDefs.h
···
5
5
6
6
// Someone please reverse-engineer this,
7
7
// these are guessed and not verified
8
-
#define kAKSKeyAcl CFSTR("AKSKeyAcl")
9
-
#define kAKSKeyOpDefaultAcl CFSTR("AKSKeyOpDefaultAcl")
10
8
#define kACMKeyAclConstraintUserPasscode "ACMKeyAclConstraintUserPasscode"
11
-
#define kACMKeyAclParamBioCatacombUUID "ACMKeyAclParamBioCatacombUUID"
12
9
#define kACMKeyAclConstraintBio "ACMKeyAclConstraintBio"
10
+
#define kACMKeyAclConstraintKofN "ACMKeyAclConstraintKofN"
11
+
#define kACMKeyAclConstraintPolicy "ACMKeyAclConstraintPolicy"
12
+
#define kACMKeyAclConstraintWatch "ACMKeyAclConstraintWatch"
13
+
13
14
#define kACMKeyAclParamBioCatacombUUID "ACMKeyAclParamBioCatacombUUID"
14
15
#define kACMKeyAclParamBioDatabaseHash "ACMKeyAclParamBioDatabaseHash"
15
16
#define kACMKeyAclParamKofN "ACMKeyAclParamKofN"
16
-
#define kACMKeyAclConstraintKofN "ACMKeyAclConstraintKofN"
17
-
#define kAKSKeyAclParamRequirePasscode CFSTR("AKSKeyAclParamRequirePasscode")
18
17
19
18
#endif
-17
src/frameworks/CryptoTokenKit/include/ACMDefs.h
-17
src/frameworks/CryptoTokenKit/include/ACMDefs.h
···
8
8
// these are guessed and not verified
9
9
10
10
#define kACMPolicyDeviceOwnerAuthentication "ACMPolicyDeviceOwnerAuthentication"
11
-
#define kACMKeyAclConstraintPolicy "ACMKeyAclConstraintPolicy"
12
-
13
-
#define kAKSKeyOpSync CFSTR("AKSKeyOpSync")
14
-
//#define kAKSKeyOpSign CFSTR("AKSKeyOpSign")
15
-
#define kAKSKeyOpDelete CFSTR("AKSKeyOpDelete")
16
-
//#define kAKSKeyOpDecrypt CFSTR("AKSKeyOpDecrypt")
17
-
#define kAKSKeyOpEncrypt CFSTR("AKSKeyOpEncrypt")
18
-
#define kAKSKeyOpDelete CFSTR("AKSKeyOpDelete")
19
-
20
-
extern const int kAKSKeyOpSign;
21
-
22
-
extern const CFStringRef kAKSKeyOpDecrypt;
23
-
24
-
extern const int kAKSKeyOpComputeKey;
25
-
26
-
extern const CFStringRef kAKSKeyOpAttest;
27
-
28
11
29
12
#endif
+4
-1
src/frameworks/CryptoTokenKit/include/ctkclient.h
+4
-1
src/frameworks/CryptoTokenKit/include/ctkclient.h
···
26
26
#define kTKTokenControlAttribAttestingKey "TKTokenControlAttribAttesting"
27
27
#define kTKTokenControlAttribKeyToAttest "TKTokenControlAttribKeyToAttest"
28
28
#define kTKTokenControlAttribAttestationData "TKTokenControlAttribAttestationData"
29
+
#define kTKTokenControlAttribLifetimeControlKey "TKTokenControlAttribLifetimeControlKey"
30
+
#define kTKTokenControlAttribLifetimeType "TKTokenControlAttribLifetimeType"
31
+
29
32
#define kTKTokenCreateAttributeAuxParams "TKTokenCreateAttributeAuxParams"
30
33
31
34
#define TKTokenKeyUsageAny 1
32
35
33
-
typedef const struct CF_BRIDGED_TYPE(TKToken) __TKToken * TKTokenRef;
36
+
typedef const struct CF_BRIDGED_TYPE(id) __TKToken * TKTokenRef;
34
37
35
38
CF_EXPORT
36
39
CFDataRef TKTokenCopyObjectAccessControl(TKTokenRef token, CFDataRef object_id, CFErrorRef *error);
-10
src/frameworks/CryptoTokenKit/src/defs.c
-10
src/frameworks/CryptoTokenKit/src/defs.c
+32
src/libaks/include/libaks.h
+32
src/libaks/include/libaks.h
···
11
11
// FIXME: I have no idea what these are for, so they are 0 for now
12
12
#define session_keybag_handle 0
13
13
#define device_keybag_handle 0
14
+
#define bad_keybag_handle (-1) // that's a pretty common "bad" signed integer value
14
15
15
16
typedef uint32_t keybag_state_t;
16
17
typedef int32_t keybag_handle_t;
···
40
41
extern kern_return_t aks_assert_hold(keybag_handle_t keybagHandle, AKSAssertionType_t lockAssertType, uint64_t timeout);
41
42
42
43
extern kern_return_t aks_assert_drop(keybag_handle_t keybagHandle, AKSAssertionType_t lockAssertType);
44
+
45
+
enum {
46
+
kAKSReturnSuccess = 0, // 100% sure this is the correct value
47
+
kAKSReturnError = KERN_FAILURE, // 90% sure this is the correct value
48
+
49
+
// i have no clue what these could be
50
+
kAKSReturnBusy,
51
+
kAKSReturnNoPermission,
52
+
kAKSReturnNotReady,
53
+
kAKSReturnTimeout,
54
+
kAKSReturnBadArgument,
55
+
kAKSReturnNotPrivileged,
56
+
kAKSReturnNotFound,
57
+
kAKSReturnDecodeError,
58
+
kAKSReturnPolicyError,
59
+
kAKSReturnBadDeviceKey,
60
+
kAKSReturnBadSignature,
61
+
kAKSReturnPolicyInvalid,
62
+
};
63
+
64
+
typedef int32_t keyclass_t;
65
+
66
+
// i know it's a pointer, but it seems to be used opaquely, so not much more information
67
+
// oh, it's also a CF type (deduced because it's used with `__bridge_retained` in Objective-C code)
68
+
typedef void* aks_ref_key_t;
69
+
70
+
enum {
71
+
kAppleKeyStoreAsymmetricBackupBag,
72
+
};
73
+
74
+
#define key_class_last (0)
43
75
44
76
#ifdef __cplusplus
45
77
}
+12
src/libaks/include/libaks_acl_cf_keys.h
+12
src/libaks/include/libaks_acl_cf_keys.h
···
3
3
4
4
//typedef aks_key_t *aks_ref_key_t;
5
5
6
+
extern CFStringRef kAKSKeyAcl;
7
+
extern CFStringRef kAKSKeyAclParamRequirePasscode;
8
+
9
+
extern CFStringRef kAKSKeyOpDefaultAcl;
10
+
extern CFStringRef kAKSKeyOpSign;
11
+
extern CFStringRef kAKSKeyOpComputeKey;
12
+
extern CFStringRef kAKSKeyOpAttest;
13
+
extern CFStringRef kAKSKeyOpDecrypt;
14
+
extern CFStringRef kAKSKeyOpEncrypt;
15
+
extern CFStringRef kAKSKeyOpDelete;
16
+
extern CFStringRef kAKSKeyOpECIESTranscode;
17
+
6
18
#endif